US20160119198A1 - Deep Packet Inspection Method and Device, and Coprocessor - Google Patents

Deep Packet Inspection Method and Device, and Coprocessor Download PDF

Info

Publication number
US20160119198A1
US20160119198A1 US14/980,719 US201514980719A US2016119198A1 US 20160119198 A1 US20160119198 A1 US 20160119198A1 US 201514980719 A US201514980719 A US 201514980719A US 2016119198 A1 US2016119198 A1 US 2016119198A1
Authority
US
United States
Prior art keywords
coprocessor
data packet
application layer
original data
processor core
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/980,719
Other languages
English (en)
Inventor
Aviv Kfir
Daniel Moscovici
Emil Zak
Mo Mo
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Assigned to HUAWEI TECHNOLOGIES CO., LTD. reassignment HUAWEI TECHNOLOGIES CO., LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MO, Mo, KFIR, Aviv, MOSCOVICI, Daniel, ZAK, EMIL
Publication of US20160119198A1 publication Critical patent/US20160119198A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/028Capturing of monitoring data by filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/168Implementing security features at a particular protocol layer above the transport layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218Distributed architectures, e.g. distributed firewalls

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Advance Control (AREA)
  • Computer And Data Communications (AREA)
US14/980,719 2013-08-05 2015-12-28 Deep Packet Inspection Method and Device, and Coprocessor Abandoned US20160119198A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201310337064.6 2013-08-05
CN201310337064.6A CN104348677A (zh) 2013-08-05 2013-08-05 一种深度报文检测方法、设备及协处理器
PCT/CN2014/071025 WO2015018188A1 (zh) 2013-08-05 2014-01-21 一种深度报文检测方法、设备及协处理器

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/071025 Continuation WO2015018188A1 (zh) 2013-08-05 2014-01-21 一种深度报文检测方法、设备及协处理器

Publications (1)

Publication Number Publication Date
US20160119198A1 true US20160119198A1 (en) 2016-04-28

Family

ID=52460603

Family Applications (1)

Application Number Title Priority Date Filing Date
US14/980,719 Abandoned US20160119198A1 (en) 2013-08-05 2015-12-28 Deep Packet Inspection Method and Device, and Coprocessor

Country Status (8)

Country Link
US (1) US20160119198A1 (ru)
EP (1) EP2933955B1 (ru)
JP (1) JP6192725B2 (ru)
KR (1) KR101662685B1 (ru)
CN (1) CN104348677A (ru)
CA (1) CA2898053C (ru)
RU (1) RU2630414C2 (ru)
WO (1) WO2015018188A1 (ru)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140241373A1 (en) * 2013-02-28 2014-08-28 Xaptum, Inc. Systems, methods, and devices for adaptive communication in a data communication network
US20180198804A1 (en) * 2015-12-10 2018-07-12 Sonicwall Us Holdings Inc. Reassembly free deep packet inspection for peer to peer networks
US20190158497A1 (en) * 2017-11-20 2019-05-23 Microsoft Technology Licensing, Llc Securing Shared Components
US10447567B2 (en) 2016-07-14 2019-10-15 Fujitsu Limited Control apparatus and processing method for control apparatus
CN110502378A (zh) * 2019-08-16 2019-11-26 兆讯恒达微电子技术(北京)有限公司 一种配置多算法协处理器自检的方法
US10491566B2 (en) 2015-11-10 2019-11-26 Sonicwall Inc. Firewall informed by web server security policy identifying authorized resources and hosts
US10628190B2 (en) 2015-09-28 2020-04-21 Huawei Technologies Co., Ltd. Acceleration management node, acceleration node, client, and method
CN111163043A (zh) * 2018-11-08 2020-05-15 全球能源互联网研究院有限公司 一种源网荷系统实时交互协议深度解析方法和系统
US10805439B2 (en) 2018-04-30 2020-10-13 Xaptum, Inc. Communicating data messages utilizing a proprietary network
US10893440B2 (en) * 2016-11-04 2021-01-12 Huawei Technologies Co., Ltd. Network hotspot control method and related device
US10912053B2 (en) 2019-01-31 2021-02-02 Xaptum, Inc. Enforcing geographic restrictions for multitenant overlay networks
US10924593B2 (en) 2018-08-31 2021-02-16 Xaptum, Inc. Virtualization with distributed adaptive message brokering
US10938877B2 (en) 2018-11-30 2021-03-02 Xaptum, Inc. Optimizing data transmission parameters of a proprietary network
US10965653B2 (en) 2018-03-28 2021-03-30 Xaptum, Inc. Scalable and secure message brokering approach in a communication system
CN112637223A (zh) * 2020-12-26 2021-04-09 曙光网络科技有限公司 应用协议识别方法、装置、计算机设备和存储介质
CN112671618A (zh) * 2021-03-15 2021-04-16 北京安帝科技有限公司 深度报文检测方法和装置
US11057352B2 (en) 2018-02-28 2021-07-06 Xaptum, Inc. Communication system and method for machine data routing
US11188384B2 (en) * 2018-11-07 2021-11-30 Ebay Inc. Resource trust model for securing component state data for a resource using blockchains
CN115473850A (zh) * 2022-09-14 2022-12-13 电信科学技术第十研究所有限公司 一种基于ai的实时数据过滤方法、系统及存储介质
US11706254B2 (en) * 2017-11-17 2023-07-18 Huawei Technologies Co., Ltd. Method and apparatus for identifying encrypted data stream

Families Citing this family (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104780080B (zh) * 2015-04-13 2018-09-25 苏州迈科网络安全技术股份有限公司 深度报文检测方法及系统
CN105162626B (zh) * 2015-08-20 2018-07-06 西安工程大学 基于众核处理器的网络流量深度识别系统及识别方法
CN105141468B (zh) * 2015-10-08 2019-02-05 盛科网络(苏州)有限公司 高效实现网络芯片流量统计的方法及装置
CN105429820B (zh) * 2015-11-05 2018-10-09 武汉烽火网络有限责任公司 基于软件定义网络的深度包检测系统及方法
CN106815112B (zh) * 2015-11-27 2020-03-24 大唐软件技术股份有限公司 一种基于深度包检测的海量数据监控系统及方法
CN107026821B (zh) * 2016-02-01 2021-06-01 阿里巴巴集团控股有限公司 报文的处理方法及装置
CN105847179B (zh) * 2016-03-23 2019-07-26 武汉绿色网络信息服务有限责任公司 一种dpi系统中数据并发上报的方法及装置
US10397263B2 (en) * 2017-04-25 2019-08-27 Futurewei Technologies, Inc. Hierarchical pattern matching for deep packet analysis
CN107204923B (zh) * 2017-05-24 2020-06-02 全讯汇聚网络科技(北京)有限公司 一种协议分流方法、系统及路由器
CN109388499A (zh) * 2017-08-04 2019-02-26 东软集团股份有限公司 报文转发方法及装置、计算机可读存储介质、电子设备
CN107682215B (zh) * 2017-08-31 2021-07-06 哈尔滨工程大学 一种基于改进lrfu状态记录的dpi业务识别方法
CN110098970A (zh) * 2018-01-30 2019-08-06 江苏博智软件科技股份有限公司 一种基于多框架的高性能协议还原模块
CN108900374B (zh) * 2018-06-22 2021-05-25 网宿科技股份有限公司 一种应用于dpi设备的数据处理方法和装置
CN110855602B (zh) * 2018-08-21 2022-02-25 国家计算机网络与信息安全管理中心 物联网云平台事件识别方法及系统
CN109308200A (zh) * 2018-09-10 2019-02-05 麒麟合盛网络技术股份有限公司 一种内存数据加载方法、装置及其设备
CN109783409A (zh) * 2019-01-24 2019-05-21 北京百度网讯科技有限公司 用于处理数据的方法和装置
KR102045702B1 (ko) * 2019-05-03 2019-11-15 한국과학기술원 심층 패킷 분석에서 정규 표현식 매칭 방법 및 그 장치
WO2020252635A1 (zh) * 2019-06-17 2020-12-24 西门子股份公司 网络行为模型构建方法、装置和计算机可读介质
CN110661682B (zh) * 2019-09-19 2021-05-25 上海天旦网络科技发展有限公司 通用互联数据自动分析系统、方法、设备
US11411919B2 (en) 2019-10-01 2022-08-09 EXFO Solutions SAS Deep packet inspection application classification systems and methods
EP3820082A1 (en) * 2019-11-07 2021-05-12 Rohde & Schwarz GmbH & Co. KG System for analyzing data traffic as well as method for analyzing data traffic
CN111130946B (zh) * 2019-12-30 2022-03-25 联想(北京)有限公司 一种深度报文识别的加速方法、装置和存储介质
CN111817917B (zh) * 2020-07-03 2021-12-24 中移(杭州)信息技术有限公司 一种深度包检测的方法、装置、服务器及存储介质
CN111865724B (zh) * 2020-07-28 2022-02-08 公安部第三研究所 视频监控设备信息采集控制实现方法
CN112787828B (zh) * 2021-01-08 2023-03-21 重庆创通联智物联网有限公司 一种应用程序的流量统计方法、设备、移动电子设备
CN114827431A (zh) * 2021-01-27 2022-07-29 Oppo广东移动通信有限公司 场景包处理方法、协处理芯片、主处理芯片及电子设备
CN113191454A (zh) * 2021-05-26 2021-07-30 清创网御(北京)科技有限公司 一种多核处理器平台的流量分类方法
CN113905411B (zh) * 2021-10-28 2023-05-02 中国联合网络通信集团有限公司 深度包检测识别规则的检测方法、装置、设备及存储介质
CN114050926A (zh) * 2021-11-09 2022-02-15 南方电网科学研究院有限责任公司 一种数据报文深度检测方法和装置
CN115665051B (zh) * 2022-12-29 2023-03-28 北京浩瀚深度信息技术股份有限公司 基于fpga+rldram3实现高速流表的方法
CN116545772B (zh) * 2023-07-04 2023-09-19 杭州海康威视数字技术股份有限公司 轻量级物联网流量的协议识别方法、装置及设备
CN116962551B (zh) * 2023-07-28 2024-03-19 中科驭数(北京)科技有限公司 基于dpu应用层报文重组的dpi安全检测方法

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3989634B2 (ja) * 1998-09-28 2007-10-10 株式会社ローラン 集積回路及び集積回路用のデータを記録した記録媒体
US20110238855A1 (en) * 2000-09-25 2011-09-29 Yevgeny Korsunsky Processing data flows with a data flow processor
JP2007325293A (ja) * 2002-08-20 2007-12-13 Nec Corp 攻撃検知システムおよび攻撃検知方法
US7146643B2 (en) * 2002-10-29 2006-12-05 Lockheed Martin Corporation Intrusion detection accelerator
CN101102184B (zh) * 2007-08-02 2011-04-20 中兴通讯股份有限公司 宽带接入服务器及用于宽带接入服务器的高速dpi单板装置
US20090190505A1 (en) * 2008-01-30 2009-07-30 Alcatel Lucent Method and apparatus for targeted content delivery based on real-time communication session analysis
JP2009296195A (ja) * 2008-06-04 2009-12-17 Mitsubishi Electric Corp 複数のcpuコアを備えたfpgaを用いた暗号装置
CN101997700A (zh) * 2009-08-11 2011-03-30 上海大学 基于深度包检测和深度流检测技术的IPv6监测设备
US8468546B2 (en) * 2011-02-07 2013-06-18 International Business Machines Corporation Merging result from a parser in a network processor with result from an external coprocessor
JP5667009B2 (ja) * 2011-08-08 2015-02-12 日本電信電話株式会社 ルータ装置及びデータ解析方法
WO2013032473A1 (en) * 2011-08-31 2013-03-07 Hewlett-Packard Development Company, L.P. Tiered deep packet inspection in network devices
CA2768483C (en) * 2011-12-30 2019-08-20 Sandvine Incorporated Ulc Systems and methods for managing quality of service
CN102932203B (zh) * 2012-10-31 2015-06-10 东软集团股份有限公司 异构平台间的深度报文检测方法及装置

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10516602B2 (en) 2013-02-28 2019-12-24 Xaptum, Inc. Systems, methods, and devices for adaptive communication in a data communication network
US9887911B2 (en) * 2013-02-28 2018-02-06 Xaptum, Inc. Systems, methods, and devices for adaptive communication in a data communication network
US20140241373A1 (en) * 2013-02-28 2014-08-28 Xaptum, Inc. Systems, methods, and devices for adaptive communication in a data communication network
US11080076B2 (en) 2015-09-28 2021-08-03 Huawei Technologies Co., Ltd. Acceleration management node, acceleration node, client, and method
US11579907B2 (en) 2015-09-28 2023-02-14 Huawei Technologies Co., Ltd. Acceleration management node, acceleration node, client, and method
US10628190B2 (en) 2015-09-28 2020-04-21 Huawei Technologies Co., Ltd. Acceleration management node, acceleration node, client, and method
US10491566B2 (en) 2015-11-10 2019-11-26 Sonicwall Inc. Firewall informed by web server security policy identifying authorized resources and hosts
US10630697B2 (en) * 2015-12-10 2020-04-21 Sonicwall Inc. Reassembly free deep packet inspection for peer to peer networks
US11005858B2 (en) 2015-12-10 2021-05-11 Sonicwall Inc. Reassembly free deep packet inspection for peer to peer networks
US11695784B2 (en) 2015-12-10 2023-07-04 Sonicwall Inc. Reassembly free deep packet inspection for peer to peer networks
US20180198804A1 (en) * 2015-12-10 2018-07-12 Sonicwall Us Holdings Inc. Reassembly free deep packet inspection for peer to peer networks
US10447567B2 (en) 2016-07-14 2019-10-15 Fujitsu Limited Control apparatus and processing method for control apparatus
US10893440B2 (en) * 2016-11-04 2021-01-12 Huawei Technologies Co., Ltd. Network hotspot control method and related device
US11706254B2 (en) * 2017-11-17 2023-07-18 Huawei Technologies Co., Ltd. Method and apparatus for identifying encrypted data stream
US10666655B2 (en) * 2017-11-20 2020-05-26 Microsoft Technology Licensing, Llc Securing shared components
US20190158497A1 (en) * 2017-11-20 2019-05-23 Microsoft Technology Licensing, Llc Securing Shared Components
US11057352B2 (en) 2018-02-28 2021-07-06 Xaptum, Inc. Communication system and method for machine data routing
US10965653B2 (en) 2018-03-28 2021-03-30 Xaptum, Inc. Scalable and secure message brokering approach in a communication system
US10805439B2 (en) 2018-04-30 2020-10-13 Xaptum, Inc. Communicating data messages utilizing a proprietary network
US10924593B2 (en) 2018-08-31 2021-02-16 Xaptum, Inc. Virtualization with distributed adaptive message brokering
US11188384B2 (en) * 2018-11-07 2021-11-30 Ebay Inc. Resource trust model for securing component state data for a resource using blockchains
US11681551B2 (en) 2018-11-07 2023-06-20 Ebay Inc. Resource trust model for securing component state data for a resource using blockchains
CN111163043A (zh) * 2018-11-08 2020-05-15 全球能源互联网研究院有限公司 一种源网荷系统实时交互协议深度解析方法和系统
US10938877B2 (en) 2018-11-30 2021-03-02 Xaptum, Inc. Optimizing data transmission parameters of a proprietary network
US10912053B2 (en) 2019-01-31 2021-02-02 Xaptum, Inc. Enforcing geographic restrictions for multitenant overlay networks
CN110502378A (zh) * 2019-08-16 2019-11-26 兆讯恒达微电子技术(北京)有限公司 一种配置多算法协处理器自检的方法
CN112637223A (zh) * 2020-12-26 2021-04-09 曙光网络科技有限公司 应用协议识别方法、装置、计算机设备和存储介质
CN112671618A (zh) * 2021-03-15 2021-04-16 北京安帝科技有限公司 深度报文检测方法和装置
CN115473850A (zh) * 2022-09-14 2022-12-13 电信科学技术第十研究所有限公司 一种基于ai的实时数据过滤方法、系统及存储介质

Also Published As

Publication number Publication date
JP2015537278A (ja) 2015-12-24
WO2015018188A1 (zh) 2015-02-12
CN104348677A (zh) 2015-02-11
KR20150103248A (ko) 2015-09-09
CA2898053C (en) 2017-10-31
RU2015137525A (ru) 2017-03-06
RU2630414C2 (ru) 2017-09-07
KR101662685B1 (ko) 2016-10-05
CA2898053A1 (en) 2015-02-12
EP2933955A1 (en) 2015-10-21
EP2933955B1 (en) 2017-06-28
JP6192725B2 (ja) 2017-09-06
EP2933955A4 (en) 2016-02-10

Similar Documents

Publication Publication Date Title
CA2898053C (en) Deep packet inspection method, device, and coprocessor
US11456965B2 (en) Network service request throttling system
US9215212B2 (en) Systems and methods for providing a visualizer for rules of an application firewall
US8438626B2 (en) Systems and methods for processing application firewall session information on owner core in multiple core system
US20160171102A1 (en) Runtime adaptable search processor
US9356844B2 (en) Efficient application recognition in network traffic
US11265235B2 (en) Technologies for capturing processing resource metrics as a function of time
US11848965B2 (en) Secure software defined storage
US20140237538A1 (en) Input prediction in a database access control system
US9477538B2 (en) Method and system for the support of application specific policies for conventional operating systems
de Bruijn et al. Application-tailored I/O with Streamline
KR102165272B1 (ko) 블록체인에 저장되는 데이터를 관리하는 방법 및 서버
CN115033407B (zh) 一种适用于云计算的采集识别流量的系统和方法
CN114024758B (zh) 流量特征提取方法、系统、存储介质及电子设备
KR102424186B1 (ko) 룰 병합 방법 및 장치
CN113297567A (zh) 网络过滤方法、装置、设备和系统
CN111200815A (zh) 基于移动应用的信息传输方法及装置
US11757837B2 (en) Sensitive data identification in real time for data streaming
WO2015116195A1 (en) Performing processing tasks using an auxiliary processing unit
CN115454630A (zh) 数据审计方法、装置、系统、设备、介质和程序产品
US9069628B2 (en) Spooling system call data to facilitate data transformation

Legal Events

Date Code Title Description
AS Assignment

Owner name: HUAWEI TECHNOLOGIES CO., LTD., CHINA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KFIR, AVIV;MOSCOVICI, DANIEL;ZAK, EMIL;AND OTHERS;SIGNING DATES FROM 20140912 TO 20141210;REEL/FRAME:038136/0040

STCB Information on status: application discontinuation

Free format text: EXPRESSLY ABANDONED -- DURING EXAMINATION